Question No: 71 – (Topic 1)

A security technician needs to open ports on a firewall to allow for domain name resolution. Which of the following ports should be opened? (Select TWO).

A. TCP 21

B. TCP 23

C. TCP 53

D. UDP 23

E. UDP 53

Answer: C,E

Explanation: DNS uses TCP and UDP port 53. TCP port 53 is used for zone transfers, whereas UDP port 53 is used for queries.

Question No: 72 – (Topic 1)

Pete, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar.

Additionally, the MAC addresses of all five servers appear on the same switch port. Which of the following is MOST likely the cause?

A. The system is running 802.1x.

B. The system is using NAC.

C. The system is in active-standby mode.

D. The system is virtualized.

Answer: D

Explanation: Virtualization allows a single set of hardware to host multiple virtual machines.

Question No: 73 – (Topic 1)

Due to limited resources, a company must reduce their hardware budget while still maintaining availability. Which of the following would MOST likely help them achieve their objectives?

A. Virtualization

B. Remote access

C. Network access control

D. Blade servers

Answer: A

Explanation: Because virtualization allows a single set of hardware to host multiple virtual machines, it requires less hardware to maintain the current scenario.

Question No: 74 – (Topic 1)

A security engineer, Joe, has been asked to create a secure connection between his mail server and the mail server of a business partner. Which of the following protocols would be MOST appropriate?

A. HTTPS

B. SSH

C. FTP

D. TLS

Answer: D

Explanation: Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. It uses X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom it is communicating, and to exchange a symmetric key. The TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering.

Question No: 75 – (Topic 1)

A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another?

A. Implement a virtual firewall

B. Install HIPS on each VM

C. Virtual switches with VLANs

D. Develop a patch management guide

Answer: C

Explanation: A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments.

Question No: 76 – (Topic 1)

A company administrator has a firewall with an outside interface connected to the Internet and an inside interface connected to the corporate network. Which of the following should the administrator configure to redirect traffic destined for the default HTTP port on the outside interface to an internal server listening on port 8080?

A. Create a dynamic PAT from port 80 on the outside interface to the internal interface on port 8080

B. Create a dynamic NAT from port 8080 on the outside interface to the server IP address on port 80

C. Create a static PAT from port 80 on the outside interface to the internal interface on port 8080

D. Create a static PAT from port 8080 on the outside interface to the server IP address on port 80

Answer: C

Explanation: Static PAT translations allow a specific UDP or TCP port on a global address to be translated to a specific port on a local address. In this case, the default HTTP port (80) is the global address to be translated, and port 8080 is the specific port on a local address.

Incorrect Options:

A: Dynamic PAT is not a valid type of PAT.

B: Dynamic NAT translates a group of real addresses to a pool of mapped addresses that are routable on the destination network. The question also states that the internal server is listening on port 8080.

D: The question states that the internal server is listening on port 8080.

Question No: 77 – (Topic 1)

An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a:

A. stateful firewall

B. packet-filtering firewall

C. NIPS

D. NAT

Answer: D

Explanation: NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal system’s request.

Question No: 78 – (Topic 1)

A company determines a need for additional protection from rogue devices plugging into physical ports around the building.

Which of the following provides the highest degree of protection from unauthorized wired network access?

A. Intrusion Prevention Systems

B. MAC filtering

C. Flood guards

D. 802.1x

Answer: D

Explanation: IEEE 802.1x is an IEEE Standard for Port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols and provides an authentication mechanism to wireless devices connecting to a LAN or WLAN.

Question No: 79 – (Topic 1)

Pete, a network administrator, is implementing IPv6 in the DMZ. Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv6 from an IPv6 enabled Internet host?

A. TCP port 443 and IP protocol 46

B. TCP port 80 and TCP port 443

C. TCP port 80 and ICMP

D. TCP port 443 and SNMP

Answer: B

Explanation: HTTP and HTTPS, which use TCP port 80 and TCP port 443 respectively, are necessary for communicating with web servers. They should therefore be allowed through the firewall.

Question No: 80 – (Topic 1)

Pete, a security administrator, is informed that people from the HR department should not have access to the accounting department’s server, and the accounting department should not have access to the HR department’s server. The network is separated by switches.

Which of the following is designed to keep the HR department users from accessing the accounting department’s server and vice-versa?

A. ACLs

B. VLANs

C. DMZs

D. NATS

Answer: B

Explanation: A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.